"""
This file is available under GNU Affero General Public License v3.0
because it is a plugin for Coala which is available under AGPL-3.0.
https://github.com/coala/coala/blob/master/LICENSE.
"""
from coalib.bears.LocalBear import LocalBear
from coalib.results.Result import Result
from coalib.results.SourceRange import SourceRange
from dependency_management.requirements.PipRequirement import PipRequirement
from jqueryxss import __author__ as jqueryxss_author
from jqueryxss.core import analyse
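class JSjQueryXssUnsafeBear(LocalBear):
    """
    Report calls to jQuery methods that the ``jqueryxss`` analyser
    classifies as unsafe with respect to cross-site scripting (XSS).

    One :class:`Result` is produced per detection, anchored at the line
    and column the analyser reports for the offending method call.
    """

    LANGUAGES = {'JavaScript'}
    AUTHORS = {jqueryxss_author}
    CAN_DETECT = {'Security'}
    # NOTE(review): presumably the JavaScript parser backing ``jqueryxss``;
    # the version pin is a fork-specific release — confirm before bumping.
    REQUIREMENTS = {PipRequirement('slimit', '0.11.0-mv')}

    def run(self, filename, file, **kwargs):
        """
        jQuery XSS Static Analyser

        Static analyser for JavaScript which can detect use of unsafe jQuery
        methods which are vulnerable to XSS attack.

        :param filename: Path of the file being checked; used only to build
                         the source range attached to each result.
        :param file:     The file contents as an iterable of lines; they are
                         concatenated unchanged before being analysed.
        :return:         A list of :class:`Result` objects, one per detected
                         unsafe jQuery method call (empty when none found).
        """
        source = ''.join(file)
        # ``analyse`` raises InvalidInput on a syntax error in the JavaScript
        # source. It is intentionally not caught here: a file that fails to
        # parse then surfaces as an error to the bear runner instead of being
        # reported as "no findings". NOTE(review): confirm that is the
        # surfacing the runner expects.
        detections = analyse(source)
        return [
            Result(
                self,
                'unsafe jQuery method call `{method_call}`',
                (
                    SourceRange.from_values(
                        filename, detection.line, detection.column),
                ),
                message_arguments={'method_call': detection.method_call},
            )
            for detection in detections.values()
        ]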